As we transition into the New Year, one of the biggest stories of 2014 – major corporations being hacked into – only seems to grow more prevalent. First it was Target then Home Depot and then a host of others, including restaurants, banks and even parking lot companies. This “first wave” of major hacking incidents were primarily financially motivated. The hackers were stealing credit card and personal information to sell or use on the black market. The cost to these major corporations to repair the damage runs in the tens of millions of dollars, not to mention the lost customer support and goodwill that these major brands have spent years trying to build.
The level of attacks has taken on a new dimension in two of the first of their kind – the lesser reported hack and subsequent wiping of entire computer systems at the Sands Casino and, perhaps most famously (or infamously) the attack on Sony Pictures for producing and releasing the movie “The Interview.” These attacks were radically different in that they were designed specifically to cause as much damage to the companies as possible, and not just to gain personal information or credit card numbers.
The attack on Target illustrates the need for all companies, both large and small, to implement strong web security policies. In the Target attack, hackers made their way into internal systems via an air conditioning/HVAC subcontractor. One of the most common ways for hackers to attack any system is to find the proverbial “weakest link” and exploit it to gain access to more secure systems. Thus, we at Shift One Labs wanted to provide some helpful tips and preventive measures that all companies – from the world’s largest corporations to individual business owners – should take to help create a secure, online environment for their customers, clients and vendors.
- Strong Passwords: Creating strong passwords, much like flossing, is something that we all know we need to do but don’t actually do often enough. Creating a strong password might make it more difficult to remember, so you may want to use a password manager program to help keep them all straight.
- Web Security: Talk to your web development company about security. If you run an e-commerce site, this is of vital importance since it is your customers’ credit card and personal information that is at the greatest risk. Make sure they are using secure, well known e-commerce solutions such as Magento or osCommerce. If they don’t provide detailed information about the steps they take to help build and host secure sites, come talk to us.
- Use Open Source: Open source solutions offer users increased security compared to closed systems. Open source allows anyone to look into the underlying code that the software and applications are built on. Much the same way it’s a risk to buy a new house without a proper inspection, it’s difficult to truly access the effectiveness of a given program if you can’t see how it works.
- Web Hosting: Look into the specifics of your web hosting company. What are their qualifications? What security implementations do they have in place? What level of support will they provide during a potential problem? Shift One Labs not only provides web application development – we also have website hosting capabilities.
- Update Software: Updating the software on your computer – particularly the operating system – goes a long way towards helping prevent potential problems.
- Offsite Backup: Creating on offsite backup of your most important data should be a core component of your IT system. Sites such as Crash Plan are designed to be easy to use and allow to you back up to a home or other trusted computer as well as the cloud.
If you have any questions about web security or the steps you can take now to help reduce the risk of a potential incident destroying your business, please reach out to us. For now, we need to go find some floss.